Re: [VOTE] Release Apache httpd 2.4.8 as GA

Rainer Jung Tue, 11 Mar 2014 13:31:10 -0700

On 11.03.2014 17:34, Jim Jagielski wrote:
> The pre-release test tarballs for Apache httpd 2.4.8 can be found
> at the usual place:
> 
>       http://httpd.apache.org/dev/dist/
> 
> I'm calling a VOTE on releasing these as Apache httpd 2.4.8 GA.
> 
> [ ] +1: Good to go
> [ ] +0: meh
> [ ] -1: Danger Will Robinson. And why.
> 
> Vote will last the normal 72 hrs.
> 
> NOTE: The *-deps are only there for convenience.


I get a segfault during startup init on www.apache.org when using SSL.
This didn't happen for r1570851. Candidate is r1573360.

That server currently uses OpenSSL 1.0.1e.

GDB:

Program terminated with signal 11, Segmentation fault.
#0  0x000000010287a19a in ssl_set_cert_masks () from
/usr/local/lib/libssl.so.8
(gdb) bt full
#0  0x000000010287a19a in ssl_set_cert_masks () from
/usr/local/lib/libssl.so.8
No symbol table info available.
#1  0x000000010287a6f6 in ssl_get_server_send_pkey () from
/usr/local/lib/libssl.so.8
No symbol table info available.
#2  0x000000010287a7a9 in ssl_get_server_send_cert () from
/usr/local/lib/libssl.so.8
No symbol table info available.
#3  0x0000000102616d2a in ssl_init_server_certs (pphrases=0x10226ab58,
mctx=0x10227d938, ptemp=<optimized out>, p=<optimized out>, s=<optimized
out>) at ssl_engine_init.c:959
No locals.
#4  ssl_init_server_ctx (pphrases=<optimized out>, sc=<optimized out>,
ptemp=<optimized out>, p=<optimized out>, s=<optimized out>) at
ssl_engine_init.c:1287
No locals.
#5  ssl_init_ConfigureServer (s=0x102277350, p=0x102023028,
ptemp=0x102051028, sc=0x10227d7d8, pphrases=<optimized out>) at
ssl_engine_init.c:1378
        rv = <optimized out>
#6  0x0000000102617cfc in ssl_init_Module (p=0x102023028,
plog=<optimized out>, ptemp=0x102051028, base_server=0x10204dbe8) at
ssl_engine_init.c:228
        mc = <optimized out>
        sc = <optimized out>
        s = 0x102277350
        rv = 0
        pphrases = 0x10226ab58
#7  0x000000000044965c in ap_run_post_config (pconf=0x102023028,
plog=0x10204f028, ptemp=0x102051028, s=0x10204dbe8) at config.c:103
        n = 4
        rv = <optimized out>
#8  0x000000000042afd7 in main (argc=9, argv=0x7fffffffd8c0) at main.c:696
        c = 68 'D'
        showcompile = 0
        showdirectives = 0
        confname = 0x7fffffffdbb7 "/.../conf/httpd.conf"
        def_server_root = 0x4655c0 "/..."
        temp_error_log = 0x0
        error = <optimized out>
        process = 0x102021118
        pconf = 0x102023028
        plog = 0x10204f028
        ptemp = 0x102051028
        pcommands = 0x102045028
        opt = 0x102045118
        rv = <optimized out>
        opt_arg = 0x7fffffffdbfa "SSL"

...

#3  0x0000000102616d2a in ssl_init_server_certs (pphrases=0x10226ab58,
mctx=0x10227d938, ptemp=<optimized out>, p=<optimized out>, s=<optimized
out>) at ssl_engine_init.c:959
959             if (!(ssl = SSL_new(mctx->ssl_ctx)) ||

(gdb) print *pphrases
$1 = {pool = 0x102051028, elt_size = 8, nelts = 0, nalloc = 2, elts =
0x10226ab78 ""}

(gdb) print *mctx
$2 = {sc = 0x10227d7d8, ssl_ctx = 0x102185600, pks = 0x10227da20, pkp =
0x0, ticket_key = 0x10227dab0, protocol = 6, pphrase_dialog_type =
SSL_PPTYPE_BUILTIN,
  pphrase_dialog_path = 0x0, cert_chain = 0x1022784c0 "/....crt",
crl_path = 0x0, crl_file = 0x0,
  crl_check_mode = SSL_CRLCHECK_UNSET, stapling_enabled = 0,
stapling_resptime_skew = -1, stapling_resp_maxage = -1,
stapling_cache_timeout = -1,
  stapling_return_errors = 4294967295, stapling_fake_trylater =
4294967295, stapling_errcache_timeout = -1, stapling_responder_timeout =
-1, stapling_force_url = 0x0,
  srp_vfile = 0x0, srp_unknown_user_seed = 0x0, srp_vbase = 0x0, auth =
{ca_cert_path = 0x0, ca_cert_file = 0x0,
    cipher_suite = 0x102108d18 "...", verify_depth = 1, verify_mode =
SSL_CVERIFY_NONE},
  ocsp_enabled = 0, ocsp_force_default = 0, ocsp_responder = 0x0,
ocsp_resptime_skew = -1, ocsp_resp_maxage = -1, ocsp_responder_timeout = -1}

Config structure is roughly:

<VirtualHost _default_:443>
    ServerName ...
    DocumentRoot ...
    SSLEngine on
    SSLCACertificateFile ....pem
    SSLCertificateFile ....crt
    SSLCertificateKeyFile ....key
    SSLCertificateChainFile ....pem
</VirtualHost>

<VirtualHost *:443>
   SSLEngine on
   SSLCertificateFile ....crt
   SSLCertificateKeyFile ....key
   SSLCertificateChainFile ....crt

   DocumentRoot ...
   ServerName ...
   ServerAlias ...
   UseCanonicalName On

   non-ssl config items
</VirtualHost>

<VirtualHost *:443>
   ServerName ...
   UseCanonicalName Off
   VirtualDocumentRoot ...
   VirtualScriptAlias ...
   ServerAlias ...

   SSLEngine on
   SSLCertificateFile ....crt
   SSLCertificateKeyFile ....key
   SSLCertificateChainFile ....crt

   non-ssl config items
</VirtualHost>

The certificates etc. in the three blocks are three different ones.

I'll have a look what I can find out, just an early heads-up.

Regards,

Rainer

Re: [VOTE] Release Apache httpd 2.4.8 as GA

Reply via email to